
Amavis Mailing List Archive

From: Richard Whittaker (rwhittaker@northwestel.ca)
Date: Wed Dec 29 2004 - 13:28:06 EST

>Looking at the docs, it seems it has reasonable defaults,
>so something like:
> '--timeout=60 --temp=$TEMPBASE {}'
How would this look in the config file?...

Currently, this is what my config has to run Vexira:

  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: remove the -z if you only have a demo version

The name of the binary has changed to vascan, and the docs tell me that I need to specify --action to make it run automatically.. Some direction from someone who has successfully done this would be much appreciated! I have a 150,000 Msg/day server cluster to upgrade, so I'd like to be sure of what I'm doing before I break everything.. :-)

vascan --help provides this:

root@wh-mrtgp1:/usr/lib/vascan# ./vascan --help
Vexira Scanner 1.0.0 for Linux (2004-12-01)
Usage: vascan [OPTIONS]... [TARGETS]...
  -h, --help Print help and exit
  -V, --version Print version and exit
  You have to wait 30 seconds after program start without valid registration!
  -k, --registration-key=REG registration key from the licence agreement.
  -u, --registered-user=NAME username to whom the licence agreement is filled
Running mode:
  -c, --config=CONFIG obtain missing options from CONFIG file.
                                The commandline options take precedence over
                                their equivalents given in config file.
  -o, --old do not warn if VDB is older than two weeks.
  -q, --quiet display messages only when virus is found.
Targets to be scanned:
  -b, --boot enables scanning of boot sectors of attached
                                devices, too. This option works on Windows/DOS
                                only. (default=off)
  -f, --file=FILE obtains targets to be scanned from FILE.
  -p, --pattern=PATTERN specifies filename patterns, so that only files
                                of which basename matches any of the patterns
                                will be scanned. Multiple patterns can be
                                separated by '|'.
  -Z, --skip-archive disables scanning inside compressed files.
  -M, --skip-mail disables scanning inside mail files (RFC 822).
  -R, --skip-subdir skips files in subdirectories under TARGETS if
                                those are directories. (default=off)
      --follow-symlink follows symbolic link when searching for files.
                                This option has no effect on Windows and DOS.
Scanning methods and operation:
  -s, --scanning=LEVEL adjust scanning method level (possible
                                values="quick", "strict", "full"
  -e, --heuristics=LEVEL adjust heuristic examination level (possible
                                values="off", "normal", "high"
  -a, --action=ACTION action to be taken automatically on virus alert.
                                More than one action can be specified, and in
                                such cases, the first available action will be
                                taken. If this option is not specified at all,
                                user is asked on each alert. (possible
                                values="delete", "kill", "quarantine",
                                "rename", "skip")
      --remove-macro automatically removes _all_ macros from `Office'
                                documents. (default=off)
      --thread=NUM maximum number of scanning threads.
                                This option has no effect on DOS.
      --timeout=NUM number of seconds within a thread should finish
                                the scanning of one object. Consider to raise
                                this limit in case of huge archive files.
      --timeout-abort exits when the first thread is timed out.
Quarantine operations:
  The following actions accept zero or more arguments (`keys' or `key:FILE'
  pairs) specifying the operands for the desired operation. Multiple actions
  with arguments are permitted, and the keys can be obtained by `--list'.
  If no key is given at all, the selected action is performed on each file in
  the quarantine. Files can be filtered by `--status' in both cases.
      --status=STATUS quarantine files with STATUS will be selected
                                only for the desired operation.
                                The default values are 'all', 'infected' and
                                `clean' for `--list', `--delete' and
                                '--restore', respectively. (possible
                                values="all", "clean", "infected",
                                "suspicious", "deleted")
  -l, --list[=key] displays information about quarantined file(s)
                                in quarantine directory (`--quarantine') such
                                as 'key' and STATUS beside original location,
                                file size and last modification date.
      --delete[=key] deletes quarantined file(s).
      --rescan[=key] rescans quarantined file(s).
                                `--status' has no effect on this operation.
      --restore[=key[:FILE]] restores quarantined file(s) to FILE or its
                                original location if FILE is omitted.
      --saveas=key:FILE saves quarantined file(s) specified by key
                                (required!) to FILE(s).
  -w, --overwrite allows for `--restore' and `--saveas' to
                                overwrite existing FILE(s). (default=off)
Working files and directories:
      --log[=FILE] file where to save messages for further use.
  -y, --quarantine=DIR secure directory where to move infected files on
                                request; using absolute pathname is strongly
  -t, --temp=DIR directory where to extract scanned files.
  -d, --vdb=FILE virus database file to indentify viruses.


Richard Whittaker, CISSP
System Manager,
NorthwesTel Inc.
AMaViS-user mailing list
